hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-07 02:31:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,840 Commits 1,691 Branches 160 Tags
codeql-cli/v2.12.0
Commit Graph

48840 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
luchua-bc
eccd97c7b7 Query to detect unsafe getResource calls in Java EE applications 2022-04-09 01:14:15 +00:00
Taus
626770aaab Merge pull request #8004 from ahmed-farid-dev/ZipSlip 
Add query to detect ZipSlip
 2022-04-08 23:55:02 +02:00
Jeroen Ketema
4cfe04567f Merge pull request #8702 from jketema/command-line-sanitizer 
C++: Use `isSanitizerOut(DataFlow::Node node)` in `cpp/command-line-injection`
 2022-04-08 23:42:35 +02:00
Taus
3d14c5f3c3 Python: Update tests 
We need to import `tty` in order to be able to detect the standard library correctly.
 2022-04-08 23:20:47 +02:00
Taus
ab81247b7c Python: Fix modelling in ZipSlip.qll 
- Remove use of points-to.
- Exclude sources and sinks in the standard library (to prevent test brittleness).
 2022-04-08 23:19:41 +02:00
Taus
57beeaada0 Python: Fix name clash in CopyFile.qll 2022-04-08 23:18:03 +02:00
Taus
e1371151f9 Python: Autoformat Concepts.qll 2022-04-08 23:16:41 +02:00
Taus
8521f9a008 Python: Autoformat ZipSlip.ql 2022-04-08 23:13:38 +02:00
Taus
4b580820c8 Python: Fix broken QHelp 2022-04-08 23:12:46 +02:00
Edoardo Pirovano
b953fe39c2 Merge pull request #716 from github/edoardo/3.5-mergeback 
Merge `rc/3.5` branch into `main`
 2022-04-08 20:43:15 +01:00
Edoardo Pirovano
3d41a5cae3 Merge pull request #8704 from github/edoardo/3.5-mergeback 
Merge `rc/3.5` branch into `main`
 2022-04-08 19:32:58 +01:00
Dave Bartolomeo
e3b7ba6b1f Revert "Bump version of suite-helpers dependency" 
This reverts commit 49e568ed44.
 2022-04-08 14:06:59 -04:00
Dave Bartolomeo
49e568ed44 Bump version of suite-helpers dependency 2022-04-08 13:11:33 -04:00
Dave Bartolomeo
9f074cd8fd Bump a few more versions 
Also fixes up some dependency declarations that should have been "*" because they refer to packs in the same workspace.
 2022-04-08 13:01:41 -04:00
Geoffrey White
8d1e8e9ecb C++: Flow states and transformers. 2022-04-08 17:19:18 +01:00
Owen Mansel-Chan
f196538953 Merge pull request #714 from owen-mc/fix-get-enclosing-callable 
Extend DataFlowCallable to include file scopes
 2022-04-08 17:02:35 +01:00
Edoardo Pirovano
16c0f11c00 Bump minor version of packs 2022-04-08 15:51:34 +01:00
Edoardo Pirovano
f25618eed6 Bump minor version of all packs 2022-04-08 15:38:58 +01:00
Edoardo Pirovano
ce82c54b94 Merge branch 'main' into edoardo/3.5-mergeback 2022-04-08 15:30:58 +01:00
Owen Mansel-Chan
b9ff1ccd45 Add change note 2022-04-08 15:23:24 +01:00
Ian Lynagh
3e5b5bee8a Merge pull request #8642 from github/post-release-prep/codeql-cli-2.8.5 
Post-release preparation for codeql-cli-2.8.5
 2022-04-08 15:09:21 +01:00
Ian Lynagh
6f6e8bfbd1 Merge pull request #713 from github/post-release-prep/codeql-cli-2.8.5 
Post-release preparation for codeql-cli-2.8.5
 2022-04-08 15:09:08 +01:00
Owen Mansel-Chan
76a0a51f39 Merge pull request #715 from owen-mc/print-empty-interface-with-single-space 
Pretty-print empty interface without double space
 2022-04-08 11:46:04 +01:00
Jeroen Ketema
83d35a9a96 C++: Use isSanitizerOut(DataFlow::Node node) in cpp/command-line-injection 2022-04-08 11:28:17 +02:00
annarailton
8ae905aef9 Update endpointTypeEncoded -> label 
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1821
 2022-04-08 10:22:13 +01:00
annarailton
b0ab7218db Add test for query mappings 2022-04-08 10:22:13 +01:00
annarailton
4808eb9926 Change encoding -> label and description -> labelName 
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1820
 2022-04-08 10:22:13 +01:00
annarailton
de4e01a8f2 Change NotASinkType to NegativeType 
Fixes https://github.com/github/ml-ql-adaptive-threat-modeling/issues/1819
 2022-04-08 10:22:13 +01:00
Anders Schack-Mulligen
35d30d6c3c Doc: Add any() and none() to the language reference. 2022-04-08 10:28:13 +02:00
Owen Mansel-Chan
880afea959 Pretty-print empty interface without double space 2022-04-08 06:09:56 +01:00
Geoffrey White
3aaa058308 C++: Get the simplest part of the query working, disable the rest for now, fix metadata, formatting etc. 2022-04-07 19:01:30 +01:00
Geoffrey White
9a0880f516 C++: Clean up the tests, make them a bit more realistic, and add many more test cases. 2022-04-07 19:00:30 +01:00
Geoffrey White
e2eda65fe1 C++: Rename test, add .expected. 2022-04-07 18:59:51 +01:00
Tony Torralba
9833fa2451 Add tests for SpringController 2022-04-07 18:17:50 +02:00
Rasmus Wriedt Larsen
517444b5ff Python: Fix SimpleXmlRpcServer.expected 2022-04-07 16:42:40 +02:00
Rasmus Wriedt Larsen
ec66f26ade Python: Handle get_collection on pymongo DB 2022-04-07 16:32:20 +02:00
Rasmus Wriedt Larsen
89eeaf85d5 Python: Handle get_database on MongoClient instance 2022-04-07 16:31:17 +02:00
Rasmus Wriedt Larsen
7ca19653df Python: mongoDBInstance refactor 2022-04-07 16:22:57 +02:00
Rasmus Wriedt Larsen
e58e9a273b Python: mongoClientInstance refactoring 2022-04-07 16:22:16 +02:00
Rasmus Wriedt Larsen
0ce2ced1aa Python: Model pymongo.mongo_client.MongoClient 2022-04-07 16:22:16 +02:00
Rasmus Wriedt Larsen
81fdc1bd78 Python: Add more pymongo NoSQL tests 2022-04-07 16:22:16 +02:00
Rasmus Wriedt Larsen
30fff1cf8b Python: Merge pymongo NoSQL tests 2022-04-07 16:04:25 +02:00
Rasmus Wriedt Larsen
8191be9d75 Python: Move last XXE/XML bomb out of experimental 2022-04-07 15:37:56 +02:00
Rasmus Wriedt Larsen
405480c410 Python: Rename sink definitions for XXE/XML bomb 2022-04-07 15:37:56 +02:00
Anders Schack-Mulligen
4eaec3953a Merge pull request #8694 from aschackmull/dataflow/cleanup-unused 
Dataflow: Cleanup unused column
 2022-04-07 15:16:27 +02:00
Anders Schack-Mulligen
c0f48b6c14 Merge pull request #8681 from JLLeitschuh/fix/JLL/os_check_bugs 
Java: Fix Local Temp File/Dir Incorrect Guard Logic
 2022-04-07 14:00:13 +02:00
Anders Schack-Mulligen
7beed570f2 Dataflow: Sync. 2022-04-07 13:53:48 +02:00
Anders Schack-Mulligen
876a9f80ce Dataflow: remove unused column. 2022-04-07 13:53:27 +02:00
Erik Krogh Kristensen
7e4c76c63b revert API-graph change in Flask.qll 2022-04-07 13:52:14 +02:00
Erik Krogh Kristensen
bdfd6bdc79 fix a ql/field-only-used-in-charpred warning 2022-04-07 13:52:14 +02:00